I plugged a friend's USB flash drive into my notebook; it had a virus that at first had been automatically deleted by my antivirus...
However... it ended up infecting my notebook and, right after that, my memory card and external HD.
I don't know what to do... I've already run the antivirus and it deletes it, but nothing changes, and I can't format because I can't lose 250Gb of important files...
This virus makes all the files on my memory card and HD hidden, showing a bunch of shortcuts that, when I click to open them, bring up something called juibu.scr...
If anyone can help me I would be very grateful...
Thanks for your attention..
Thanks, man
Here is the log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:26:53, on 25/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\CyberLink\Power2Go\CLMLSvc.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Arquivos de programas\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\o2flash.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAP.EXE
C:\Arquivos de programas\Ralink\Common\RalinkRegistryWriter.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Ralink\Common\RaUI.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R3 - URLSearchHook: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Arquivos de programas\Softonic_Brasil\tbSof0.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Arquivos de programas\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Arquivos de programas\myBabylon_English\tbmyBa.dll
O2 - BHO: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Arquivos de programas\Softonic_Brasil\tbSof0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Arquivos de programas\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Arquivos de programas\myBabylon_English\tbmyBa.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Arquivos de programas\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Arquivos de programas\Softonic_Brasil\tbSof0.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Arquivos de programas\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Arquivos de programas\myBabylon_English\tbmyBa.dll
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NiwradSoft Welcome] C:\WINDOWS\NiwradSoft Shell Pack\Tools\NS Welcome.exe
O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CLMLServer] "C:\Arquivos de programas\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [P2Go_Menu] "C:\Arquivos de programas\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Arquivos de programas\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [updatePDRShortCut] "C:\Arquivos de programas\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Arquivos de programas\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Arquivos de programas\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [updatePPShortCut] "C:\Arquivos de programas\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Arquivos de programas\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [EPSON Stylus C67 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAP.EXE /P23 "EPSON Stylus C67 Series" /O6 "USB001" /M "Stylus C67"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Power2GoExpress] "C:\Arquivos de programas\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
O4 - HKCU\..\Run: [juibu] C:\Documents and Settings\Nicéa\juibu.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Arquivos de programas\Ralink\Common\RaUI.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Arquivos de programas\Firebird\Firebird_2_0\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Arquivos de programas\Ralink\Common\RalinkRegistryWriter.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe
--
End of file - 10897 bytes
Good afternoon...
*Temporarily disable your antivirus
Right-click the Avira icon next to the clock. Click the "Antivir Guard enable" option.
*Download USBFix and save it to the desktop
*Plug the USB flash drive into the PC, holding down the [shift] key until it is recognized in Windows Explorer
*Run UsbFix
*Click [Pesquisa] and wait for it to finish
*Remove the USB flash drive
*Paste the report created at C:\UsbFix.txt
############################## | UsbFix 7.021 | [Pesquisa]
Usuário: XXXX (Administrador) # XXXXXXX-CCF4F5 [ ]
Atualizado em 20/08/10 por El Desaparecido / C_XX
Começou em 19:46:11 | 25/08/2010
Site: http://pagesperso-orange.fr/NosTools/index.html
Contato: FindyKill.Contact@gmail.com
CPU: Intel® Celeron® M CPU 530 @ 1.73GHz
Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 6.0.2900.5512
Windows Firewall: Habilitado
Antivirus: AntiVir Desktop 10.0.1.44 [Enabled | Updated]
RAM -> 502 Mb
C:\ (%systemdrive%) -> Disco fixo # 75 Gb (3 Mb livre - 4%) [] # NTFS
D:\ -> CD-ROM
E:\ -> Disco removível # 2 Gb (54 Mb livre - 3%) [] # FAT
################## | Ficheiros # pastas infeciosos |
Presente ! C:\Documents and Settings\XXXX\Documents.lnk
Presente ! C:\Documents and Settings\XXXX\Music.lnk
Presente ! C:\Documents and Settings\XXXX\New Folder.lnk
Presente ! C:\Documents and Settings\XXXX\Passwords.lnk
Presente ! C:\Documents and Settings\XXXX\Pictures.lnk
Presente ! C:\Documents and Settings\XXXX\Video.lnk
Presente ! E:\Passwords.lnk
################## | Registro |
################## | Mountpoints2 |
HKCU\.\.\.\.\Explorer\MountPoints2\{05041d72-4b22-11df-8b86-0019db9fbb63}
Shell\AutoRun\Command = E:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{05041d74-4b22-11df-8b86-0019db9fbb63}
Shell\AutoRun\Command = E:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{28e2b7ac-4823-11df-8b82-0019db9fbb63}
Shell\AutoRun\Command = E:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{2c86728f-4e59-11df-8b8d-0019db9fbb63}
Shell\AutoRun\Command = E:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{5342408a-5e0b-11df-8bc8-0019db9fbb63}
Shell\AutoRun\Command = E:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{5342408b-5e0b-11df-8bc8-0019db9fbb63}
Shell\AutoRun\Command = G:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{5b8e1304-4821-11df-8b81-0019db9fbb63}
Shell\AutoRun\Command = E:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{5fd43cc3-5ded-11df-8bc6-0019db9fbb63}
Shell\AutoRun\Command = E:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{dccba160-5de9-11df-8bc3-0019db9fbb63}
Shell\AutoRun\Command = F:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{efd81e00-773e-11df-8c08-0019db9fbb63}
Shell\AutoRun\Command = F:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{efd81e01-773e-11df-8c08-0019db9fbb63}
Shell\AutoRun\Command = F:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{efd81e02-773e-11df-8c08-0019db9fbb63}
Shell\AutoRun\Command = F:\AutoRun.exe
################## | Vaccin |
C:\autorun.inf -> Folder criado por Flash_Disinfector (sUBs)
################## | E.O.F |
*Download the Kaspersky Virus Removal Tool and save it to the desktop
*Install the program
*The program's main window will open automatically
*Select the option:
[] My Computer
*Click [start scan]... and wait. It may take a while, be patient!
*If it finds anything, click [skip]
*When the scan finishes, click [Report]
*A window called "Detailed report" will open
*Click the [+] sign next to Autoscan to expand the events found
*Right-click and choose "Select all"
*Right-click again and choose "Copy"
*Open Notepad, paste (Ctrl+v) and save the file to the desktop as log.txt
*Close the Kaspersky "Detailed report" window
*In the Kaspersky main window click **[Exit] > [No]**
*Paste the report saved on the desktop in your next reply
Sorry for the delay...
here it is:
Autoscan: stopped 8 hours ago (events: 2, objects: 0, time: 00:01:49)
Autoscan: completed 5 hours ago (events: 2, objects: 329494, time: 03:04:57)
Autoscan: stopped 55 minutes ago (events: 2, objects: 1, time: 00:01:35)
Autoscan: completed 7 minutes ago (events: 2, objects: 73767, time: 00:47:19)
27/8/2010 19:11:02 Task started
27/8/2010 19:58:22 Task completed
Thanks
You will lose all the files in the following folders...
C:\Documents and Settings\XXXX\Documents.lnk
C:\Documents and Settings\XXXX\Music.lnk
C:\Documents and Settings\XXXX\New Folder.lnk
C:\Documents and Settings\XXXX\Passwords.lnk
C:\Documents and Settings\XXXX\Pictures.lnk
C:\Documents and Settings\XXXX\Video.lnk
E:\Passwords.lnk
*Plug the USB flash drive into the PC again
*Run UsbFix
*Click [supressão] and wait for it to finish
*Remove the USB flash drive
*Paste the report created at C:\UsbFix.txt
Man...
So with this, is my computer now free of the virus???
And my HD...
Do I plug it in and do the same thing I did with USBFIX??
The folders still show up as hidden...
Thanks...
Below is the report created by USBFIX
############################## | UsbFix 7.021 | [supressão]
Usuário: XXXX (Administrador) # YYYY-CCF4F5 [ ]
Atualizado em 20/08/10 por El Desaparecido / C_XX
Começou em 02:19:27 | 28/08/2010
Site: http://pagesperso-orange.fr/NosTools/index.html
Contato: FindyKill.Contact@gmail.com
CPU: Intel® Celeron® M CPU 530 @ 1.73GHz
Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 6.0.2900.5512
Windows Firewall: Habilitado
Antivirus: AntiVir Desktop 10.0.1.44 [Enabled | Updated]
RAM -> 502 Mb
C:\ (%systemdrive%) -> Disco fixo # 75 Gb (1 Mb livre - 1%) [] # NTFS
D:\ -> CD-ROM
F:\ -> Disco removível # 2 Gb (48 Mb livre - 3%) [] # FAT
G:\ -> Disco removível # 1 Mb (1 Mb livre - 95%) [] # FAT
################## | Ficheiros # pastas infeciosos |
Supprimido ! C:\Documents and Settings\XXX\Documents.lnk
Supprimido ! C:\Documents and Settings\XXX\Music.lnk
Supprimido ! C:\Documents and Settings\XXX\New Folder.lnk
Supprimido ! C:\Documents and Settings\XXX\Passwords.lnk
Supprimido ! C:\Documents and Settings\XXX\Pictures.lnk
Supprimido ! C:\Documents and Settings\XXX\Video.lnk
Supprimido ! F:\Passwords.lnk
################## | Registro |
################## | Mountpoints2 |
Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{05041d72-4b22-11df-8b86-0019db9fbb63}
Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{05041d74-4b22-11df-8b86-0019db9fbb63}
Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{28e2b7ac-4823-11df-8b82-0019db9fbb63}
Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{2c86728f-4e59-11df-8b8d-0019db9fbb63}
Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{5342408a-5e0b-11df-8bc8-0019db9fbb63}
Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{5b8e1304-4821-11df-8b81-0019db9fbb63}
Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{5fd43cc3-5ded-11df-8bc6-0019db9fbb63}
Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{dccba160-5de9-11df-8bc3-0019db9fbb63}
Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{efd81e01-773e-11df-8c08-0019db9fbb63}
################## | Listing |
[11/04/2010 - 17:59:04 | D ] C:\$WINDOWS.~BT
[06/07/2010 - 22:38:47 | D ] C:\9ae06eb3e1cd4ca3b06f29
[02/05/2010 - 12:49:31 | D ] C:\ALVIN
[27/08/2010 - 00:49:17 | RD ] C:\Arquivos de programas
[02/08/2010 - 22:09:57 | D ] C:\Arquivos de Programas RFB
[02/05/2010 - 14:15:18 | D ] C:\ARTHUR_E_OS_MINIMOYS
[01/06/2010 - 18:17:15 | D ] C:\audiences
[11/04/2010 - 17:45:43 | A | 0] C:\AUTOEXEC.BAT
[23/08/2010 - 21:22:34 | RASHD ] C:\autorun.inf
[12/05/2010 - 18:59:20 | D ] C:\BOOT
[12/05/2010 - 14:29:11 | SH | 211] C:\boot.ini
[14/04/2008 - 09:00:00 | RASH | 4952] C:\Bootfont.bin
[01/06/2010 - 18:17:15 | D ] C:\codecs
[01/06/2010 - 18:17:15 | D ] C:\common
[27/08/2010 - 08:25:24 | SHD ] C:\Config.Msi
[11/04/2010 - 17:45:43 | A | 0] C:\CONFIG.SYS
[17/06/2010 - 17:46:06 | A | 367201] C:\Copia.7z
[23/06/2010 - 15:11:44 | D ] C:\CyberStep
[09/07/2010 - 08:33:56 | D ] C:\Dev-Cpp
[11/05/2010 - 12:52:06 | SHD ] C:\Documents and Settings
[25/03/2002 - 11:42:58 | A | 1654] C:\EULA.TXT
[06/04/2004 - 00:02:00 | A | 188482] C:\helixprodctrl.dll
[17/06/2010 - 17:45:06 | A | 158] C:\ID.txt
[11/04/2010 - 18:00:03 | D ] C:\Intel
[11/04/2010 - 17:45:43 | RASH | 0] C:\IO.SYS
[11/04/2010 - 17:45:43 | RASH | 0] C:\MSDOS.SYS
[19/04/2010 - 16:57:04 | RHD ] C:\MSOCache
[06/06/2010 - 22:16:09 | D ] C:\MyWorks
[02/05/2010 - 14:57:29 | D ] C:\Night_at_the_Museum2
[14/04/2008 - 09:00:00 | RASH | 47564] C:\NTDETECT.COM
[14/04/2008 - 09:00:00 | RASH | 251696] C:\ntldr
[11/04/2010 - 21:12:21 | D ] C:\OPKTools
[27/08/2010 - 19:04:09 | ASH | 792723456] C:\pagefile.sys
[23/08/2010 - 21:21:02 | D ] C:\PenClean
[01/06/2010 - 18:17:15 | D ] C:\plugins
[06/12/2002 - 14:02:00 | A | 272896] C:\pncrt.dll
[25/04/2010 - 18:17:08 | D ] C:\Programas
[28/08/2010 - 02:23:36 | SHD ] C:\RECYCLER
[02/05/2010 - 13:11:44 | D ] C:\SPONGEBOB_THEMOVIE_LATAMER
[27/08/2010 - 11:54:43 | SHD ] C:\System Volume Information
[01/06/2010 - 18:17:15 | D ] C:\tools
[01/06/2010 - 18:17:15 | A | 4754] C:\unins000.dat
[28/11/2003 - 04:00:00 | A | 75922] C:\unins000.exe
[28/08/2010 - 02:23:36 | D ] C:\UsbFix
[28/08/2010 - 02:23:42 | A | 1451] C:\UsbFix.txt
[10/05/2010 - 14:26:47 | A | 40] C:\WFCNAME.INI
[27/08/2010 - 22:03:13 | D ] C:\WINDOWS
[09/12/2009 - 17:43:18 | SHD ] F:\caa
[09/12/2009 - 17:43:20 | SHD ] F:\CityData
[09/12/2009 - 17:43:20 | SHD ] F:\Ebook
[09/12/2009 - 17:43:20 | SHD ] F:\My Music
[31/07/2010 - 19:03:50 | SHD ] F:\MyNes
[09/12/2009 - 17:43:36 | SHD ] F:\mythroad
[09/12/2009 - 17:43:38 | SHD ] F:\photos
[09/12/2009 - 17:43:38 | SHD ] F:\Received
[09/12/2009 - 17:43:38 | SHD ] F:\video
[26/08/2010 - 20:49:18 | AH | 135720] F:\audio_play_list.txt
[21/04/2010 - 20:54:20 | A | 1653343] F:\(2) hino do flamengo mundo canibal.mp3
[21/04/2010 - 20:55:00 | A | 77367] F:\o pobrêma.mp3
[29/04/2010 - 14:56:00 | SHD ] F:\Audio
[17/07/2010 - 01:26:34 | A | 5398175] F:\V170710_00.17.3gp
[02/08/2010 - 15:05:08 | SHD ] F:\Pictures
[02/08/2010 - 15:05:08 | SHD ] F:\Videos
[02/08/2010 - 15:05:08 | SHD ] F:\Sounds
[02/08/2010 - 15:05:08 | SHD ] F:\Games & Applications
[02/08/2010 - 15:05:08 | SHD ] F:\Others
[02/08/2010 - 15:05:08 | SHD ] F:\Documents
[17/06/2010 - 21:45:34 | A | 10252372] F:\Knaan_-_Wavin_Flag_FIFA_World_.wav
[14/06/2010 - 14:12:50 | A | 3573976] F:\Knaan_-_Wavin_Flag_FIFA_World_.mp3
[17/06/2010 - 21:34:02 | A | 4933888] F:\Shakera feat. Freshlyground - Waka Waka (This Time For Africa)(2).mp3
[20/02/2007 - 06:26:56 | A | 993280] F:\A profecia da índia.WAV
[26/04/2008 - 16:55:50 | A | 3890247] F:\A profecia da índia-Ruan S.X.Coutinho, Yhasmani Barcelos Cabral e Yhasmin Barcelos cabral.mp3
[04/04/2007 - 22:46:42 | A | 42932290] F:\A profecia da índia-Ruan S.X.Coutinho, Yhasmani Barcelos Cabral e Yhasmin Barcelos cabral.wav
[04/04/2007 - 22:14:28 | A | 5159758] F:\Profecia da india.wav
[01/01/2003 - 00:08:48 | SHD ] F:\RESTORE
[01/01/2003 - 00:08:48 | RSHD ] F:\RECYCLER
[10/08/2010 - 14:33:50 | A | 63169] F:\cartão4.JPG
[10/08/2010 - 14:32:30 | A | 89799] F:\cartão3.jpg
[10/08/2010 - 14:35:22 | A | 62859] F:\cartão5.JPG
[10/08/2010 - 14:36:30 | A | 139776] F:\cartão.doc
[10/08/2010 - 14:37:06 | A | 200652] F:\cartão1.JPG
[23/08/2010 - 21:21:02 | RHD ] F:\autorun.inf
[23/08/2010 - 12:55:06 | A | 4864754] F:\Europe - The Final Coutdown.mp3
[23/08/2010 - 12:47:30 | A | 4220178] F:\Love the Way You Lie Ft. Rihan.mp3
[23/08/2010 - 12:41:08 | A | 3913644] F:\ray parker jr. - ghost buster.mp3
[23/08/2010 - 12:51:48 | A | 3679678] F:\Rocky Balboa - Eye of the tiger.mp3
[23/08/2010 - 12:31:46 | A | 4020056] F:\Smash Mouth - All Star.mp3
[25/08/2010 - 20:09:52 | A | 5971895] F:\01 - Elevation (Tomb Raider Mix).mp3
[01/03/2008 - 07:33:12 | SHD ] G:\Received
[01/03/2008 - 00:59:26 | HD ] G:\Phbimage
[01/03/2008 - 00:59:26 | H | 0] G:\phb_video.dat
[01/03/2008 - 07:33:16 | SHD ] G:\Images
[01/03/2008 - 07:33:16 | SHD ] G:\Audio
[01/03/2008 - 07:33:16 | SHD ] G:\Ebook
[27/08/2010 - 11:18:44 | HD ] G:\Download
[01/03/2008 - 00:59:32 | HD ] G:\mms
[31/07/2009 - 19:01:12 | H | 0] G:\audio_play_list.txt
[15/08/2009 - 11:27:36 | SHD ] G:\brs
[01/01/2003 - 00:09:06 | RSHD ] G:\RECYCLER
[01/01/2003 - 00:09:10 | SHD ] G:\RESTORE
################## | Vaccin |
C:\Autorun.inf -> Folder criado por UsbFix (El Desaparecido & C_XX)
F:\Autorun.inf -> Folder criado por UsbFix (El Desaparecido & C_XX)
G:\Autorun.inf -> Folder criado por UsbFix (El Desaparecido & C_XX)
################## | Upload |
Favor enviar o arquivo: C:\UsbFix_Upload_Me_BARCELOS-CCF4F5.zip
http://chiquitine.changelog.fr/Sample/Upload.php
Obrigado pela sua contribuição.
################## | E.O.F |
1.
Please upload the file: C:\UsbFix_Upload_Me_BARCELOS-CCF4F5.zip
http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution.
2.
*Run UsbFix
*Click [uninstall]
3.
*Download MKV and save it to the desktop
*Run MKV and click [supprimer la vaccination]
4.
*Download AD-Remover and save it to the desktop
*Run AD-Remover
*Click [Clean]... and wait for it to finish. The program may ask to restart the PC.
*Paste the report created at C:\Ad-Report-CLEAN.log
======= REPORT FROM AD-REMOVER 2.0.0.1,D | ONLY XP/VISTA/7 =======
Updated by C_XX on 26/07/10 at 12:00
Contact: AdRemover.contact[AT]gmail.com
website: http://pagesperso-orange.fr/NosTools/ad_remover.html
C:\Arquivos de programas\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 13:19:25 on 28/08/2010, Normal boot
Microsoft Windows XP Professional Service Pack 3 (X86)
Nicéa@BARCELOS-CCF4F5 ( )
============== ACTION(S) ==============
0,Folder deleted: C:\Arquivos de programas\AskTBar
0,Folder deleted: C:\Documents and Settings\Nicéa\Configurações locais\Dados de aplicativos\Conduit
0,Folder deleted: C:\Arquivos de programas\Conduit
0,Folder deleted: C:\Documents and Settings\Nicéa\Dados de aplicativos\PriceGong
(!) -- Temporary files deleted.
-- File opened: C:\Documents and Settings\Nicéa\Dados de aplicativos\Mozilla\FireFox\Profiles\4j6re1e1.default\Prefs.js --
Line deleted: user_pref("CT1460988.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER...
Line deleted: user_pref("CT1460988.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT146...
Line deleted: user_pref("CT1460988.ct1669100.SearchEngine", "Busca||hxxp://search.conduit.com/Results.aspx?q=UCM_S...
-- File closed --
1,Key deleted: HKLM\Software\Classes\CLSID\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}
1,Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}
1,Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}
1,Key deleted: HKLM\Software\Classes\CLSID\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}
1,Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}
1,Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}
1,Key deleted: HKLM\Software\Classes\CLSID\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}
1,Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}
1,Key deleted: HKLM\Software\Classes\CLSID\{FE063DBB-4EC0-403e-8DD8-394C54984B2C}
1,Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FE063DBB-4EC0-403e-8DD8-394C54984B2C}
0,Key deleted: HKLM\Software\Classes\Toolbar.CT1460988
0,Key deleted: HKLM\Software\Classes\Toolbar.CT2552374
0,Key deleted: HKLM\Software\Conduit
0,Key deleted: HKCU\Software\Conduit
0,Key deleted: HKLM\Software\Classes\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239}
0,Value deleted: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{9CB65206-89C4-402C-BA80-02D8C59F9B1D}
0,Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
0,Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
============== ADDITIONNAL SCAN ==============
Mozilla Firefox Version [3.6.8 (pt-BR)]
-- C:\Documents and Settings\Nicéa\Dados de aplicativos\Mozilla\FireFox\Profiles\4j6re1e1.default\Prefs.js --
browser.download.lastDir, C:\\Documents and Settings\\Nicéa\\Meus documentos\\Yhasmani\\BLOG
browser.search.defaultenginename, Search the web (Babylon)
browser.search.defaulturl, hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=66067
browser.search.selectedEngine, Google
browser.startup.homepage, hxxp://www.google.com.br/
browser.startup.homepage_override.mstone, rv:1.9.2.8
========================================
Internet Explorer Version [6.0.2900.5512]
[HKCU\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Search Asst: no
[HKLM\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
========================================
C:\Arquivos de programas\Ad-Remover\Quarantine: 57 File(s)
C:\Arquivos de programas\Ad-Remover\Backup: 14 File(s)
C:\Ad-Report-CLEAN[1].txt - 28/08/2010 (2958 Byte(s))
End at: 13:22:48, 28/08/2010
============== E.O.F ==============
1.
*Delete the MKV program
2.
*Run AD-Remover again
*Click [uninstall]
3.
*Download SCRP and save it to the desktop
*Extract it to the desktop
*Run SCRP, wait, and click [OK]
4.
*Temporarily disable your antivirus
*Download ComboFix and save it to the desktop
*Run ComboFix and accept the agreement
*If the Windows Recovery Console is already installed, ComboFix will continue the process automatically. Otherwise, click [Sim] to install it.
*Click [Sim] to continue.
*Wait for all the stages to complete
*While ComboFix is running, avoid using the mouse and keyboard!!..... To interrupt the procedure, press N or 2 and then ENTER.
*The program will close automatically and a report (C:\combofix.txt) will be displayed. Paste it in your next reply.
*If the PC restarts, there will be an option at startup called Recovery Console. Do not enter Windows through it unless you have been properly instructed to!
ComboFix 10-08-23.01 - Nicéa 28/08/2010 18:23:24.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.502.317 [GMT -3:00]
Executando de: c:\documents and settings\Nicéa\Desktop\ComboFix.exe
AV: AntiVir Desktop On-access scanning disabled (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\id.txt
.
(((((((((((((((( Arquivos/Ficheiros criados de 2010-07-28 to 2010-08-28 ))))))))))))))))))))))))))))
.
2010-08-28 05:23 . 2010-08-28 05:23 7160 ----a-w- C:\UsbFix_Upload_Me_BARCELOS-CCF4F5.zip
2010-08-27 14:50 . 2009-10-22 16:54 37392 ----a-w- c:\windows\system32\drivers\72157142.sys
2010-08-27 14:50 . 2009-09-25 20:59 128016 ----a-w- c:\windows\system32\drivers\72157141.sys
2010-08-27 14:49 . 2009-10-10 02:31 315408 ----a-w- c:\windows\system32\drivers\7215714.sys
2010-08-26 01:58 . 2010-08-26 01:58 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Nero
2010-08-25 22:31 . 2010-08-28 16:14 -------- d-----w- C:\UsbFix
2010-08-24 14:59 . 2010-08-24 14:59 -------- d-----w- c:\arquivos de programas\trend micro
2010-08-24 00:19 . 2010-08-24 00:21 -------- d-----w- C:\PenClean
2010-08-23 23:50 . 2010-08-23 23:50 -------- d-----w- c:\arquivos de programas\CCleaner
2010-08-19 23:21 . 2010-08-19 23:21 -------- d-----w- c:\arquivos de programas\Google
2010-08-12 18:29 . 2010-08-12 18:29 2772992 ----a-w- c:\windows\system32\GPhotos.scr
2010-08-03 16:41 . 2010-08-03 16:41 -------- d-----w- c:\windows\Sun
2010-08-03 16:40 . 2010-08-03 16:40 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java
2010-08-03 16:39 . 2010-08-03 16:38 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-03 16:38 . 2010-08-03 16:38 -------- d-----w- c:\arquivos de programas\Java
2010-08-03 01:09 . 2010-08-03 01:09 -------- d-----w- C:\Arquivos de Programas RFB
2010-08-02 03:47 . 2010-08-02 03:47 -------- d-----w- c:\arquivos de programas\Vstplugins
2010-08-02 03:47 . 2010-08-02 03:47 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Sony
2010-08-02 03:45 . 2010-08-02 03:45 -------- d-----w- c:\arquivos de programas\Sony
2010-08-02 03:41 . 2010-08-02 03:41 -------- d-----w- c:\arquivos de programas\Sony Setup
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-27 03:54 . 2010-04-11 21:53 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2010-08-26 22:06 . 2010-04-28 21:38 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight
2010-08-26 02:39 . 2010-05-15 04:17 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Ahead
2010-08-26 02:39 . 2010-05-15 04:17 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Nero
2010-08-26 01:59 . 2010-04-11 21:59 -------- d-----w- c:\arquivos de programas\Nero
2010-08-11 15:03 . 2001-10-28 12:07 80396 ----a-w- c:\windows\system32\perfc016.dat
2010-08-11 15:03 . 2001-10-28 12:07 471614 ----a-w- c:\windows\system32\perfh016.dat
2010-08-08 04:02 . 2010-06-07 01:05 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\Temp
2010-08-02 03:38 . 2010-06-01 21:17 -------- d-----w- c:\arquivos de programas\WinAVI Video Converter 9.0
2010-07-22 19:13 . 2010-04-19 20:05 -------- d-----w- c:\arquivos de programas\Softonic_Brasil
2010-07-17 17:11 . 2010-07-17 17:11 -------- d-----w- c:\arquivos de programas\PhotoFiltre Studio X
2010-07-15 00:02 . 2010-07-14 23:59 -------- d-----w- c:\arquivos de programas\EPSON
2010-07-14 23:53 . 2010-07-14 23:53 -------- d-----w- c:\arquivos de programas\Free WMA to MP3 Converter
2010-07-14 23:28 . 2010-07-14 23:28 -------- d-----w- c:\arquivos de programas\Babylon
2010-07-14 15:29 . 2010-06-07 01:11 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\CyberLink
2010-07-14 15:27 . 2010-06-07 01:22 53319 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Temp\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
2010-07-07 01:39 . 2010-07-07 01:39 -------- d-----w- c:\arquivos de programas\MSBuild
2010-07-07 01:39 . 2010-07-07 01:39 -------- d-----w- c:\arquivos de programas\Reference Assemblies
2010-06-30 12:32 . 2008-04-14 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:10 . 2008-04-14 12:00 669184 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:10 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 09:02 . 2008-04-14 12:00 1852032 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2008-04-14 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2008-04-14 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2010-04-11 20:43 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:42 . 2008-04-14 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-11 00:40 . 2010-06-11 00:40 922112 ------w- c:\windows\system32\imapi2fs.dll
2010-06-11 00:40 . 2010-06-11 00:40 426496 ------w- c:\windows\system32\imapi2.dll
2010-06-07 18:30 . 2010-06-07 01:05 36864 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Temp\{FD78CD0B-E886-40EC-A5F1-2A6584120E78}\PostBuild.exe
2010-06-07 01:20 . 2010-06-07 01:20 36864 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Temp\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\PostBuild.exe
2010-06-07 01:18 . 2010-06-07 01:19 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-06-07 01:18 . 2010-06-07 01:19 53319 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Temp\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\PostBuild.exe
2010-06-07 01:18 . 2010-04-11 21:49 505128 ----a-w- c:\windows\system32\msvcp71.dll
2010-06-07 01:18 . 2010-04-11 21:49 353576 ----a-w- c:\windows\system32\msvcr71.dll
2010-06-07 01:16 . 2010-06-07 01:16 36864 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe
2010-06-07 01:11 . 2010-06-07 01:11 36864 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Temp\{80E158EA-7181-40FE-A701-301CE6BE64AB}\PostBuild.exe
2010-06-07 01:10 . 2010-06-07 01:10 53319 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
2010-06-01 21:17 . 2010-06-01 21:17 4754 ----a-w- C:\unins000.dat
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{12fc3d37-2a42-4fe3-8489-81296878cba5}"= "c:\arquivos de programas\Softonic_Brasil\tbSof0.dll" [2010-08-16 2734688]
[HKEY_CLASSES_ROOT\clsid\{12fc3d37-2a42-4fe3-8489-81296878cba5}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{12fc3d37-2a42-4fe3-8489-81296878cba5}]
2010-08-16 23:01 2734688 ----a-w- c:\arquivos de programas\Softonic_Brasil\tbSof0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{12fc3d37-2a42-4fe3-8489-81296878cba5}"= "c:\arquivos de programas\Softonic_Brasil\tbSof0.dll" [2010-08-16 2734688]
[HKEY_CLASSES_ROOT\clsid\{12fc3d37-2a42-4fe3-8489-81296878cba5}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{12FC3D37-2A42-4FE3-8489-81296878CBA5}"= "c:\arquivos de programas\Softonic_Brasil\tbSof0.dll" [2010-08-16 2734688]
[HKEY_CLASSES_ROOT\clsid\{12fc3d37-2a42-4fe3-8489-81296878cba5}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"Power2GoExpress"="c:\arquivos de programas\CyberLink\Power2Go\Power2GoExpress.exe" [2007-12-03 2680104]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"SynTPEnh"="c:\arquivos de programas\Synaptics\SynTP\SynTPEnh.exe" [2006-05-19 774233]
"SMSERIAL"="c:\arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe" [2006-07-17 573440]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 16264192]
"CLMLServer"="c:\arquivos de programas\CyberLink\Power2Go\CLMLSvc.exe" [2007-10-17 128296]
"P2Go_Menu"="c:\arquivos de programas\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"UpdatePDRShortCut"="c:\arquivos de programas\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-11-28 210216]
"RemoteControl8"="c:\arquivos de programas\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\arquivos de programas\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"UpdatePPShortCut"="c:\arquivos de programas\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"EPSON Stylus C67 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAAP.EXE" [2005-01-25 98304]
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Ralink Wireless Utility.lnk - c:\arquivos de programas\Ralink\Common\RaUI.exe [2010-4-11 1634304]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
R0 72157142;72157142 Boot Guard Driver;c:\windows\system32\drivers\72157142.sys [27/8/2010 11:50 37392]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [27/2/2006 13:00 34880]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [20/2/2006 14:01 29056]
R1 72157141;72157141;c:\windows\system32\drivers\72157141.sys [27/8/2010 11:50 128016]
R1 setup_9.0.0.722_27.08.2010_04-15drv;setup_9.0.0.722_27.08.2010_04-15drv;c:\windows\system32\drivers\7215714.sys [27/8/2010 11:49 315408]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [11/4/2010 18:51 135336]
R2 NAUpdate;@c:\arquivos de programas\Nero\Update\NASvc.exe,-200;c:\arquivos de programas\Nero\Update\NASvc.exe [4/5/2010 12:07 503080]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\arquivos de programas\Firebird\Firebird_2_0\bin\fbserver.exe -s --> c:\arquivos de programas\Firebird\Firebird_2_0\bin\fbserver.exe -s [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15/5/2010 00:00 691696]
.
.
------- Scan Suplementar -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Nicéa\Dados de aplicativos\Mozilla\Firefox\Profiles\4j6re1e1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=66067
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/
FF - component: c:\documents and settings\Nicéa\Dados de aplicativos\Mozilla\Firefox\Profiles\4j6re1e1.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Nicéa\Dados de aplicativos\Mozilla\Firefox\Profiles\4j6re1e1.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
FF - plugin: c:\arquivos de programas\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\arquivos de programas\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
HKCU-Run-juibu - c:\documents and settings\Nicéa\juibu.exe
HKLM-Run-NiwradSoft Welcome - c:\windows\NiwradSoft Shell Pack\Tools\NS Welcome.exe
AddRemove-aMSN - c:\arquivos de programas\aMSN\uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-28 18:35
Windows 5.1.2600 Service Pack 3 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
[HKEY_USERS\S-1-5-21-1004336348-1060284298-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
c:\arquivos de programas\Windows Media Player\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\o2flash.exe
c:\arquivos de programas\Ralink\Common\RalinkRegistryWriter.exe
c:\arquivos de programas\CyberLink\Shared files\RichVideo.exe
c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\documents and settings\Nicéa\Desktop\Virus Removal Tool\setup_9.0.0.722_27.08.2010_04-15\setup_9.0.0.722_27.08.2010_04-15.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Tempo para conclusão: 2010-08-28 18:46:34 - Máquina reiniciou
ComboFix-quarantined-files.txt 2010-08-28 21:46
Pré-execução: 1.053.278.208 bytes disponíveis
Pós execução: 6.176.616.448 bytes disponíveis
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
OK... the PC is clean.
1.
*Delete the SCRP program.
2.
*Click [Start] > [Run] > copy and paste: Combofix /uninstall
*Click [OK]
*Click [Run]
*Wait for the message: "ComboFix is uninstalled"
*Click [OK]
3.
*Click [Start] > [Run] > type: msconfig
*Click OK
*Click the "BOOT.INI" tab
*Select the line C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
*Click [Check All Boot Paths]
*Click [Yes] > [OK]
*Restart the PC
*When Windows starts, the System Configuration Utility will report that it has been changed.
*Select "Don't show this message or launch the System Configuration Utility when Windows starts"
4.
*Open the Virus Removal Tool folder on the desktop and double-click the Start shortcut
*The Kaspersky main window will open again
*Click [Exit] > [Yes] > [Yes] > [Yes]
*The PC will restart
*Delete the Kaspersky setup files and the log.txt saved on the desktop
5.
*Right-click My Computer and select Properties
*Click System Restore
*Select the option:
[] Turn off System Restore
*Click [Apply] > [Yes] > [OK]
6. Turn System Restore back on by the same route as above, clearing:
[] Turn off System Restore
Cheers.
But man... what about the removable drives?
What do I do with my memory card and the EXTERNAL HD???
I use Avira on my computer, but after this virus I want to change my antivirus and install AVAST...
What do you think???
Thanks a lot...
But man... what about the removable drives?
What about them?... USBFix has already been run. Nothing was found on the pen drive.
What do I do with my memory card
You can follow the USBFix procedure with it and paste the report.
and the EXTERNAL HD???
What about it?
The folders on my external HD and memory card are still showing as hidden files...
I don't know what to do...
because I can't format my HD... there's a lot of stuff on it...
thanks
Right-click one of the hidden folders and select "Properties"
On the [General] tab, clear the "Hidden" attribute and click [OK]
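An added example, not part of the original thread: the Properties step above handles one folder at a time, while this script lists every top-level entry on a drive that carries the Hidden or System attribute (clearing both only with `--apply`) and reports shortcuts that name the worm's file by matching raw .lnk bytes, so no shortcut is ever resolved by the shell. The function names, the `X:\` drive letter and the top-level-only scope are assumptions; `juibu.scr` is the file name quoted in the thread.

```python
"""Unhide top-level entries on a drive and list shortcuts naming a given file.

Added example (not from the thread). Attribute reads and writes rely on
Windows-only fields and APIs; the shortcut scan is plain byte matching.
"""
import os
import stat
import sys

HIDDEN_SYSTEM = stat.FILE_ATTRIBUTE_HIDDEN | stat.FILE_ATTRIBUTE_SYSTEM
# Folders Windows itself keeps hidden; their attributes are left alone.
SKIP = {"system volume information", "$recycle.bin", "recycler"}


def lnk_mentions(data: bytes, file_name: str) -> bool:
    """True if raw .lnk bytes contain file_name as ANSI or UTF-16LE text.

    The shortcut is only read as bytes, never loaded through the shell.
    """
    lowered = file_name.lower()
    ansi = lowered.encode("ascii", "ignore")
    wide = lowered.encode("utf-16-le")
    # bytes.lower() changes ASCII letters only, so UTF-16LE NUL bytes survive.
    haystack = data.lower()
    return ansi in haystack or wide in haystack


def find_suspect_shortcuts(root: str, file_name: str) -> list:
    """Return sorted paths of top-level .lnk files under root naming file_name."""
    hits = []
    with os.scandir(root) as entries:
        for entry in entries:
            if entry.is_file(follow_symlinks=False) and entry.name.lower().endswith(".lnk"):
                with open(entry.path, "rb") as fh:
                    if lnk_mentions(fh.read(64 * 1024), file_name):
                        hits.append(entry.path)
    return sorted(hits)


def hidden_entries(root: str) -> list:
    """Return (path, attributes) for top-level entries marked Hidden or System.

    st_file_attributes exists only on Windows; elsewhere the list is empty.
    """
    found = []
    with os.scandir(root) as entries:
        for entry in entries:
            if entry.name.lower() in SKIP:
                continue
            attrs = getattr(entry.stat(follow_symlinks=False), "st_file_attributes", 0)
            if attrs & HIDDEN_SYSTEM:
                found.append((entry.path, attrs))
    return found


def unhide(path: str, attrs: int) -> None:
    """Clear Hidden and System on one entry, keeping its other attributes."""
    import ctypes  # WinDLL is available only on Windows

    kernel32 = ctypes.WinDLL("kernel32", use_last_error=True)
    new_attrs = (attrs & ~HIDDEN_SYSTEM) or stat.FILE_ATTRIBUTE_NORMAL
    if not kernel32.SetFileAttributesW(path, new_attrs):
        raise ctypes.WinError(ctypes.get_last_error())


def main(root: str, file_name: str, apply: bool) -> None:
    for path in find_suspect_shortcuts(root, file_name):
        print("shortcut names", file_name, "->", path)
    for path, attrs in hidden_entries(root):
        print("hidden:", path)
        if apply:
            unhide(path, attrs)


if __name__ == "__main__":
    # Usage: python unhide_drive.py X:\ juibu.scr [--apply]
    if len(sys.argv) >= 3:
        main(sys.argv[1], sys.argv[2], "--apply" in sys.argv[3:])
    else:
        print("usage: unhide_drive.py <drive root> <file name> [--apply]")
```

Run it without `--apply` first to review what would change; reported shortcuts are only listed, never deleted.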
then it shows a bunch of shortcuts...
and when I click one of the shortcuts, it says this:
"The item 'juibu.scr' that this shortcut refers to has been changed or moved. The shortcut will not work properly. Do you want to delete this shortcut?"
Let's see if we can get somewhere.
Connect the external HD and the card to the PC. While connecting each one, hold down the [Shift] key until it is recognized in Windows Explorer.
*Download Kaspersky Virus Removal Tool again and save it to the desktop
*Install the program
*The program's main window will open automatically
*Click [+ Add], find "My Computer" and click the + sign next to it
*Find the external HD and click it
*Repeat the procedure for the card
*Confirm on the Kaspersky main window that both are selected for the scan
*Click [start scan]
*If it finds anything, click [skip]
*When the scan finishes, click [Report]
*A window called "Detailed report" will open
*In the [important events] box, select "All events"
*Click the [+] sign next to Autoscan to expand the events found
*Right-click **Autoscan** and select **"Select all"**
*Right-click again and select **"Copy"**
*Open Notepad, paste (Ctrl+V) and save the file to the desktop as log.txt
*Close the Kaspersky "Detailed report" window
*On the Kaspersky main window click **[Exit] > [No]**
*Paste the report saved on the desktop in your next reply
Man...
I ran Kaspersky on the memory card and the external HD together and did the Detailed report...
But when I set it to show all events and select everything... the program freezes when trying to copy...
Leaving it on important events, it shows the following page:
Autoscan: stopped 2 hours ago (events: 78, objects: 168, time: 00:00:27)
Autoscan: stopped 2 hours ago (events: 4, objects: 13695, time: 00:09:36)
Autoscan: completed 14850 days ago (events: 94, objects: 140092, time: 01:08:27)
29/8/2010 14:49:41 Task started
29/8/2010 14:51:34 Detected: Worm.Win32.VBNA.akzw H:\xxx.dll
29/8/2010 14:54:42 Untreated: Worm.Win32.VBNA.akzw H:\xxx.dll Skipped by user
29/8/2010 15:47:49 Detected: Worm.Win32.VBNA.b H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP88\A0017408.scr
29/8/2010 15:47:49 Detected: Worm.Win32.VBNA.b H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP88\A0017407.exe
29/8/2010 15:47:50 Detected: Worm.Win32.VBNA.b H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP88\A0017435.exe
29/8/2010 15:56:08 Untreated: Worm.Win32.VBNA.b H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP88\A0017408.scr Skipped by user
29/8/2010 15:56:09 Detected: Worm.Win32.VBNA.b H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP88\A0017436.scr
29/8/2010 15:56:10 Untreated: Worm.Win32.VBNA.b H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP88\A0017435.exe Skipped by user
29/8/2010 15:56:12 Untreated: Worm.Win32.VBNA.b H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP88\A0017407.exe Skipped by user
29/8/2010 15:56:15 Untreated: Worm.Win32.VBNA.b H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP88\A0017436.scr Skipped by user
29/8/2010 15:56:15 Detected: Worm.Win32.VBNA.b H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP88\A0017464.exe
29/8/2010 15:56:15 Detected: Worm.Win32.VBNA.b H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP88\A0017465.scr
29/8/2010 15:56:15 Detected: Trojan.WinLNK.Agent.o H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP88\A0017462.lnk
29/8/2010 15:56:17 Untreated: Worm.Win32.VBNA.b H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP88\A0017464.exe Skipped by user
29/8/2010 15:56:18 Untreated: Trojan.WinLNK.Agent.o H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP88\A0017462.lnk Skipped by user
29/8/2010 15:56:19 Untreated: Worm.Win32.VBNA.b H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP88\A0017465.scr Skipped by user
29/8/2010 15:56:21 Detected: Trojan.WinLNK.Agent.m H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019050.lnk
29/8/2010 15:56:21 Detected: Trojan.WinLNK.Agent.n H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019051.lnk
29/8/2010 15:56:21 Detected: Trojan.WinLNK.Agent.u H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019052.lnk
29/8/2010 15:56:23 Untreated: Trojan.WinLNK.Agent.m H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019050.lnk Skipped by user
29/8/2010 15:56:23 Detected: Trojan.WinLNK.Agent.m H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019053.lnk
29/8/2010 15:56:24 Untreated: Trojan.WinLNK.Agent.u H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019052.lnk Skipped by user
29/8/2010 15:56:24 Detected: Trojan.WinLNK.Agent.p H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019054.lnk
29/8/2010 15:56:25 Untreated: Trojan.WinLNK.Agent.n H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019051.lnk Skipped by user
29/8/2010 15:56:25 Detected: Trojan.WinLNK.Agent.t H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019055.lnk
29/8/2010 15:56:26 Untreated: Trojan.WinLNK.Agent.p H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019054.lnk Skipped by user
29/8/2010 15:56:27 Detected: Trojan.WinLNK.Agent.p H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019056.lnk
29/8/2010 15:56:27 Untreated: Trojan.WinLNK.Agent.m H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019053.lnk Skipped by user
29/8/2010 15:56:28 Detected: Exploit.Win32.CVE-2010-2568.g H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019057.lnk
29/8/2010 15:56:28 Untreated: Trojan.WinLNK.Agent.p H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019056.lnk Skipped by user
29/8/2010 15:56:28 Detected: Trojan.WinLNK.Agent.r H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019058.lnk
29/8/2010 15:56:29 Untreated: Trojan.WinLNK.Agent.t H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019055.lnk Skipped by user
29/8/2010 15:56:29 Detected: Trojan.WinLNK.Agent.s H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019059.lnk
29/8/2010 15:56:29 Untreated: Trojan.WinLNK.Agent.r H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019058.lnk Skipped by user
29/8/2010 15:56:30 Detected: Trojan.WinLNK.Agent.m H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019060.lnk
29/8/2010 15:56:30 Untreated: Exploit.Win32.CVE-2010-2568.g H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019057.lnk Skipped by user
29/8/2010 15:56:31 Detected: Worm.Win32.VBNA.b H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019061.exe
29/8/2010 15:56:31 Untreated: Trojan.WinLNK.Agent.m H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019060.lnk Skipped by user
29/8/2010 15:56:32 Detected: Worm.Win32.VBNA.b H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019062.scr
29/8/2010 15:56:32 Untreated: Trojan.WinLNK.Agent.s H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019059.lnk Skipped by user
29/8/2010 15:56:33 Detected: Worm.Win32.VBNA.b H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019063.exe
29/8/2010 15:56:33 Untreated: Worm.Win32.VBNA.b H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019062.scr Skipped by user
29/8/2010 15:56:33 Detected: Exploit.Win32.CVE-2010-2568.g H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019064.lnk
29/8/2010 15:56:34 Untreated: Worm.Win32.VBNA.b H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019061.exe Skipped by user
29/8/2010 15:56:34 Detected: Trojan.WinLNK.Agent.u H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019065.lnk
29/8/2010 15:56:35 Untreated: Exploit.Win32.CVE-2010-2568.g H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019064.lnk Skipped by user
29/8/2010 15:56:35 Detected: Trojan.WinLNK.Agent.n H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019066.lnk
29/8/2010 15:56:35 Untreated: Worm.Win32.VBNA.b H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019063.exe Skipped by user
29/8/2010 15:56:36 Detected: Trojan.WinLNK.Agent.s H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019067.lnk
29/8/2010 15:56:36 Untreated: Trojan.WinLNK.Agent.n H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019066.lnk Skipped by user
29/8/2010 15:56:37 Detected: Trojan.WinLNK.Agent.o H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019068.lnk
29/8/2010 15:56:37 Untreated: Trojan.WinLNK.Agent.u H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019065.lnk Skipped by user
29/8/2010 15:56:37 Detected: Trojan.WinLNK.Agent.t H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019069.lnk
29/8/2010 15:56:37 Untreated: Trojan.WinLNK.Agent.o H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019068.lnk Skipped by user
29/8/2010 15:56:38 Untreated: Trojan.WinLNK.Agent.s H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019067.lnk Skipped by user
29/8/2010 15:56:38 Detected: Trojan.WinLNK.Agent.r H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019070.lnk
29/8/2010 15:56:38 Detected: Trojan.WinLNK.Agent.n H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019071.lnk
29/8/2010 15:56:39 Untreated: Trojan.WinLNK.Agent.t H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019069.lnk Skipped by user
29/8/2010 15:56:39 Detected: Trojan.WinLNK.Agent.u H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019072.lnk
29/8/2010 15:56:39 Untreated: Trojan.WinLNK.Agent.n H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019071.lnk Skipped by user
29/8/2010 15:56:40 Detected: Trojan.WinLNK.Agent.m H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019073.lnk
29/8/2010 15:56:40 Untreated: Trojan.WinLNK.Agent.r H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019070.lnk Skipped by user
29/8/2010 15:56:41 Detected: Trojan.WinLNK.Agent.p H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019074.lnk
29/8/2010 15:56:41 Untreated: Trojan.WinLNK.Agent.m H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019073.lnk Skipped by user
29/8/2010 15:56:41 Detected: Trojan.WinLNK.Agent.r H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019075.lnk
29/8/2010 15:56:42 Untreated: Trojan.WinLNK.Agent.u H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019072.lnk Skipped by user
29/8/2010 15:56:42 Detected: Trojan.WinLNK.Agent.o H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019076.lnk
29/8/2010 15:56:44 Untreated: Trojan.WinLNK.Agent.r H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019075.lnk Skipped by user
29/8/2010 15:56:44 Detected: Trojan.WinLNK.Agent.s H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019077.lnk
29/8/2010 15:56:45 Untreated: Trojan.WinLNK.Agent.p H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019074.lnk Skipped by user
29/8/2010 15:56:45 Detected: Trojan.WinLNK.Agent.t H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019078.lnk
29/8/2010 15:56:46 Untreated: Trojan.WinLNK.Agent.s H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019077.lnk Skipped by user
29/8/2010 15:56:47 Detected: Exploit.Win32.CVE-2010-2568.g H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019079.lnk
29/8/2010 15:56:49 Untreated: Trojan.WinLNK.Agent.o H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019076.lnk Skipped by user
29/8/2010 15:56:50 Detected: Trojan.WinLNK.Agent.u H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019080.lnk
29/8/2010 15:56:50 Untreated: Exploit.Win32.CVE-2010-2568.g H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019079.lnk Skipped by user
29/8/2010 15:56:51 Detected: Trojan.WinLNK.Agent.s H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019081.lnk
29/8/2010 15:56:51 Untreated: Trojan.WinLNK.Agent.t H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019078.lnk Skipped by user
29/8/2010 15:56:51 Untreated: Trojan.WinLNK.Agent.s H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019081.lnk Skipped by user
29/8/2010 15:56:51 Detected: Trojan.WinLNK.Agent.r H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019082.lnk
29/8/2010 15:56:52 Detected: Trojan.WinLNK.Agent.o H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019083.lnk
29/8/2010 15:56:52 Untreated: Trojan.WinLNK.Agent.u H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019080.lnk Skipped by user
29/8/2010 15:56:52 Detected: Exploit.Win32.CVE-2010-2568.g H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019084.lnk
29/8/2010 15:56:52 Untreated: Trojan.WinLNK.Agent.o H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019083.lnk Skipped by user
29/8/2010 15:56:53 Detected: Trojan.WinLNK.Agent.t H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019085.lnk
29/8/2010 15:56:54 Untreated: Trojan.WinLNK.Agent.r H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019082.lnk Skipped by user
29/8/2010 15:56:54 Detected: Trojan.WinLNK.Agent.n H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019086.lnk
29/8/2010 15:56:54 Untreated: Trojan.WinLNK.Agent.t H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019085.lnk Skipped by user
29/8/2010 15:56:55 Detected: Trojan.WinLNK.Agent.p H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019087.lnk
29/8/2010 15:56:55 Untreated: Exploit.Win32.CVE-2010-2568.g H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019084.lnk Skipped by user
29/8/2010 15:56:58 Untreated: Trojan.WinLNK.Agent.p H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019087.lnk Skipped by user
29/8/2010 15:57:04 Untreated: Trojan.WinLNK.Agent.n H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019086.lnk Skipped by user
29/8/2010 15:58:09 Task completed
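One way to triage a report like the one above, as an added example that is not part of the original posts: it parses the `Detected:` / `Untreated:` lines, keeps the last logged event per object, and counts the untreated objects that sit inside System Restore snapshots (`_restore{...}\RPnn`). The function names and the last-event-wins rule are assumptions of this example; the sample lines are copied from the report.

```python
import re
from collections import Counter

# Sample lines copied from the report above (a short excerpt, not the full log).
SAMPLE = r"""29/8/2010 15:56:35 Untreated: Worm.Win32.VBNA.b H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019063.exe Skipped by user
29/8/2010 15:56:36 Detected: Trojan.WinLNK.Agent.s H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019067.lnk
29/8/2010 15:56:38 Untreated: Trojan.WinLNK.Agent.s H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019067.lnk Skipped by user
29/8/2010 15:56:47 Detected: Exploit.Win32.CVE-2010-2568.g H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019079.lnk
29/8/2010 15:56:50 Untreated: Exploit.Win32.CVE-2010-2568.g H:\System Volume Information\_restore{63317395-B78A-4F96-B60F-43C8F77D04C9}\RP90\A0019079.lnk Skipped by user
29/8/2010 15:58:09 Task completed"""

# date, time, event type, verdict name, object path (may contain spaces),
# and an optional trailing "Skipped by user".
EVENT = re.compile(
    r"^(?P<date>\d{1,2}/\d{1,2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<event>Detected|Untreated): (?P<verdict>\S+) "
    r"(?P<path>.+?)(?: (?P<reason>Skipped by user))?$"
)
# Windows XP keeps System Restore copies under _restore{GUID}\RPnn on each volume.
RESTORE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\")

def triage(report):
    """Return {path: record} holding the last logged event for each object."""
    objects = {}
    for line in report.splitlines():
        m = EVENT.match(line.strip())
        if not m:
            continue  # status lines such as "Task completed"
        rp = RESTORE.search(m["path"])
        objects[m["path"]] = {  # assumption: the log is chronological, last event wins
            "verdict": m["verdict"],
            "state": m["event"],
            "reason": m["reason"],
            "restore_point": rp.group(1) if rp else None,
        }
    return objects

def summary(objects):
    """Count the objects left on disk and how many are restore-point copies."""
    left = [o for o in objects.values() if o["state"] == "Untreated"]
    return {
        "objects": len(objects),
        "untreated": len(left),
        "untreated_in_restore_points": sum(1 for o in left if o["restore_point"]),
        "verdicts": Counter(o["verdict"] for o in left),
    }

if __name__ == "__main__":
    print(summary(triage(SAMPLE)))
```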
OK...
1.
* Connect only the external HD
* Open the Virus Removal Tool folder, located on the desktop, and double-click the Start shortcut
* The Kaspersky main screen will open again
* Click [+ Add], find "Meu Computador" (My Computer) and click the + sign next to it
* Find the external HD and click on it
* Click [start scan]
....wait. It may take a while, be patient!
* If it finds anything, click [Disinfect]; if that is not possible, click [Delete]
* When the scan finishes, click [Report]
* In the [important events] box select "All events"
* Click the [+] sign next to Autoscan to expand the events found
* Right-click the word Autoscan and select **"Select all"**
* Right-click again and select **"Copy"**
* Open Notepad, paste (Ctrl+v) and save the file on the desktop as log2.txt
* Close Kaspersky's "Detailed report" window
* On the Kaspersky main screen click **[Exit] > [No]**
* Paste the report saved on the desktop into your next reply

Topic Archived
Since the author has not replied for more than 30 days, the topic has been archived.
If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.
Post a log as described in this topic
http://forum.imasters.com.br/index.php?showtopic=165906